Internet privacy and security course

Chapter 25

A huge mistake, or how exactly you should not keep passwords

This section contains a block of articles on various ways to store passwords and their pros and cons. Depending on how secure each method is, we will recommend it to a greater or lesser extent, but there is one method that we strongly recommend you not use... But first, a little story from my life.

A good friend of mine suspected his significant other of infidelity and, knowing that I was quite well versed in tools for secretly monitoring a computer, he asked me to put some legal RAT on her Mac (RAT stands for Remote Access Toolkit, a remote control tool).

I refused to use cyber espionage tools on my computer, but I said that I could see the information if she gave me her iPhone or Mac. The very next day he visited me with her brand-new iPhone 8.

I never thought his girlfriend was very smart, but she had deleted the history of the browser, as well as messaging applications. The only thing she did not know was that deleting the history was not enough, and a minute later my friend had not only a list of the dating sites his girlfriend used, but also a bunch of logins and passwords for them.

How? If you use Apple devices with the default settings, all your passwords are stored in iCloud and, knowing the password, you can view them from any of your devices. For example, on your iPhone or iPad, go to Settings > Accounts and Passwords > Program and Site Passwords. When you click on any entry, you can see the saved password. Android, Windows, many browsers and password managers have similar systems, and if you haven't turned them off, I have bad news for you.

Your passwords are stored in third parties' clouds. Handing your passwords over to third parties is a very unwise step, but in the interest of objectivity I suggest starting with the advantages of this method of storing passwords.

Benefits of storing passwords in the cloud

It’s simple and convenient

It really is convenient. With iCloud, for example, you save a password on your Mac and can then log in to the same site from your iPhone or iPad without any trouble. When you change computers, you only need to log in to your iCloud account, and all your passwords are with you again.

If you lose the device, you do not lose passwords

If your laptop or phone is stolen, it will not be difficult for you to recover the passwords lost with it, and this is definitely a plus. All you need to do is log in on the new device.

It's safe

But only if the passwords are encrypted on your device and can be decrypted only with a key (password) that is stored exclusively with you.

In that case, however, if you lose your password (the master password, as it is often called), you lose access to all your passwords. If there is a way to recover a lost password, for example through a link sent by email, then the service can always access your data and there can be no talk of any security.

I did not find any more advantages to this method, unlike disadvantages, of which there are many.

The drawbacks of storing passwords in the cloud

Speaking of drawbacks, I should note that cloud storage can work in very different ways. One case is when only an encrypted file with keys is stored in the cloud for synchronization between devices. Here the service mostly just synchronizes the data stored on your device; it also has your IP addresses, but it cannot access your passwords, and even if the service shuts down, this will not cause significant problems.

Another case is when the owner of the service stores your passwords. This is how iCloud, LastPass and many other services work, and this method of storing passwords carries a lot of risks and threats, which we will discuss below.